You are currently offline, waiting for your internet to reconnect

A RBAC role assignee can unexpectedly change mailbox properties that are outside the management role group scope in an Exchange Server 2010 environment

SYMPTOMS
Consider the following scenario:  
  • You create a management role assignment in a Microsoft Exchange Server 2010 environment.
  • You assign the Mail Recipients role to a role assignee.
  • You define the scope of the role assignment to an organizational unit.
  • The role assignee tries to change mailbox properties that are outside the management role group scope by using the Set-CalendarProcessing cmdlet.
In this scenario, the role assignee can unexpectedly change the mailbox properties successfully. 
CAUSE
This issue occurs because there is no Role Based Access Control (RBAC) scope verification when Exchange Server 2010 run the Set-CalendarProcessing cmdlet.
RESOLUTION
To resolve this issue, install the following update rollup:
2579150 Description of Update Rollup 4 for Exchange Server 2010 Service Pack 1
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
For more information about Role Based Access Control, visit the following Microsoft website:For more information about management role assignments, visit the following Microsoft website:For more information about the Set-CalendarProcessing cmdlet, visit the following Microsoft website:For more information about the Mail Recipients role, visit the following Microsoft website:
Properties

Article ID: 2489130 - Last Review: 07/28/2011 03:21:00 - Revision: 3.0

  • Microsoft Exchange Server 2010 Service Pack 1
  • kbqfe kbfix kbsurveynew kbexpertiseinter kbhotfixrollup KB2489130
Feedback